apache doc folder permissions problem
macportsusers-20171215 at billmail.scconsult.com
Fri Jun 18 18:39:52 UTC 2021
On 2021-06-18 at 14:33:43 UTC-0400 (Fri, 18 Jun 2021 14:33:43 -0400)
Murray Eisenberg <murrayeisenberg at gmail.com>
is rumored to have said:
>> On 18 Jun2021, at 2:13 PM, Bill Cole
>> <macportsusers-20171215 at billmail.scconsult.com> wrote:
>> On 2021-06-18 at 10:17:13 UTC-0400 (Fri, 18 Jun 2021 10:17:13 -0400)
>> Murray Eisenberg <murrayeisenberg at gmail.com>
>> is rumored to have said:
>>> sudo chmod a+x /Users /Users/me /Users/me/Sites
>>> fixed the permissions access problem.
>> The requirement is that the user running httpd must have search
>> access on the whole tree above anywhere httpd is serving files from.
>> The precise meaning of the 'search' permission (i.e. the 'execute'
>> bit on a directory) is not intuitive or even well documented. It is
>> simply the ability to access nodes within the directory based on
>> those nodes' permissions, provided the caller knows the name of the
>> item being accessed. Without search permission it simply does not
>> matter what the permissions on items below the directory might be,
>> they cannot be accessed. If you are concerned with other users (i.e.
>> processes running as other users, such as 'daemon' which runs httpd
>> under MacPorts) you can 'chmod a-r' on those directories to block
>> reading of the directories themselves (i.e. the list of names of
>> You can provide the search permission via the basic rwx by
>> user/group/all mechanism or by extended ACLs, but you cannot create a
>> deep space of access without a path from above….
> With macOS 11.4 at least, the command
> chmod a-r /Users
> and even
> sudo chmod a-r /Users
> gives error "chmod: Unable to change file mode on /Users: Operation
> not permitted”.
Which indicates that Apple has decided to add /Users to the creeping
expanse of files and directories behind the Iron Curtain of SIP.
Consider yourself Protected.
> (By contrast, making the change for /Users/me and /Users/me/Sites is
I guess they are waiting for OS 12 to lock those down...
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
More information about the macports-users